﻿using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace Api.IdentityServer
{
    public class InMemoryConfig
    {
        public static IEnumerable<IdentityResource> GetIdentityResourceResources()
        {
            return new List<IdentityResource>
            {
                //必须要添加，否则报无效的scope错误
                new IdentityResources.OpenId()
            };
        }


        public static IEnumerable<ApiScope> ApiScopes =>
             new ApiScope[]
             {
                    new ApiScope("Api.Catalog"),
                    new ApiScope("Api.Ordering")
             };

        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("Api.Catalog","Api.Catalog")
                {
                    Scopes={ "Api.Catalog" }
                },//这里指定了name和display name， 以后api使用authorization server的时候， 这个name一定要一致
                new ApiResource("Api.Ordering","Api.Ordering"){
                    Scopes={ "Api.Ordering" }
                }
            };
        }
        /// <summary>
        ///  认证客户端列表
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<Client> GetClients()
        {
            return new[]
            {
                new Client
                {
                    ClientId = "catalog",//访问客户端id,必须唯一
                    //使用客户端授权模式，客户端只需要clientid和secrets就可以访问api资源
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())//客户端密码，进行加密
                    },
                    //作用域，允许访问的资源（接口）
                    AllowedScopes = { "Api.Catalog",IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile}
                },
                new Client{
                    ClientId = "ordering",
                    ClientSecrets = new []{
                    new Secret("secret".Sha256())
                    },
                    //使用的是通过用户名密码和clientCredentials来换取token的方式，ClientCredentials允许client只使用ClientSecrets来获取token.这比较适合那种没有用户参与的api动作
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
                    AllowedScopes = {
                    "Api.Ordering", IdentityServerConstants.StandardScopes.OpenId,  IdentityServerConstants.StandardScopes.Profile
                    }
                }
            };
        }


        public static IEnumerable<TestUser> Users()
        {
            return new[]
            {
                new TestUser
                {
                    SubjectId = "",
                    Username = "cba",
                    Password = "abc"
                }
            };
        }


    }
}